Well basically, you're synchronizing your requests based on a session identifier. This is similar to the way you might handle the problem if you were writing your own multi-threaded server application, and you had to make sure that you knew where requests originated from.

This solution also assumes that session state tracking has been started prior to the form submission, or you're really no better off -- each new form submission would then get a new session.